
Research And Implementation Of Malware Family Classification Method Based On The Extreme Learning Machine

Posted on: 2020-01-29
Degree: Master
Type: Thesis
Country: China
Candidate: W H Liu
GTID: 2428330572472239
Subject: Computer technology
Abstract/Summary:
Malware, as the most important attack carrier in various network security incidents, has become one of the serious threats to network security. Malware has a very short life cycle, and it is rare for a single unchanged sample to spread widely and cause great harm. To improve the survivability of malware, its writers often change the form of the code and generate various malware variants with similar attack behavior, modifying the malware using polymorphism, deformation and other technical means. As a result, malware not only multiplies rapidly in number, but its defenses also become more diverse. If newly generated malware could be labeled according to existing malware and its sample features extracted, the efficiency and accuracy of scanning engines in detecting emerging malware would improve. Based on this analysis, this thesis researches and implements a malware family classification technology based on the extreme learning machine. The main work of the thesis is as follows:

(1) A complete experimental scheme for malware family classification on the Windows operating system is proposed. The scheme includes data collection, feature engineering and classification learning. First, malware samples that meet the requirements are selected from the malware database website "VirusShare" to build the experimental data sets. Second, by analyzing a large amount of malware and using the open source tools PEframe and Exeinfo to extract the PE features of the samples, the feature vector file is obtained and the malware feature database is constructed. Finally, the feature vectors are combined with the corresponding family category labels and fed into the classifier for model training.

(2) An extreme learning machine is proposed as the model classifier. After in-depth study of the theoretical basis of the extreme learning machine algorithm, this thesis applies the extreme learning machine to malware family classification, training the classifier to predict and classify the malware family. Compared with currently used machine learning algorithms, the extreme learning machine is an efficient model classifier, since it can effectively shorten the training time and improve the generalization of the model while ensuring classification accuracy.

(3) A malware family classification tool based on the extreme learning machine is developed, and the availability and effectiveness of the method proposed in this thesis are verified. In addition, compared with four current classification models, such as Support Vector Machine, Naive Bayes and Decision Tree, the proposed technical scheme has higher classification efficiency and accuracy.

This thesis researches and implements a malware family classification technology based on the extreme learning machine, and achieves the prediction and classification of malware families on the Windows platform. The method has great practical significance, since it effectively improves the accuracy and efficiency of family classification.
Keywords/Search Tags: malware, family classification, PE feature, extreme learning machine